Cisco Virtual Application Container Services Installation and Upgrade
Guide, Release 5.2STV1.1
First Published: February 11, 2015
Last Modified: March 29, 2015
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version
of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT
LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network
topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional
and coincidental.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://
www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1110R)
© 2015
Cisco Systems, Inc. All rights reserved.
CONTENTS
CHAPTER 1
Overview 1
About Cisco Virtual Application Container Services 1
Components of Cisco Virtual Application Container Services 1
Benefits of Cisco VACS 2
Wizards in Cisco VACS 2
Cisco VACS Solution in Cisco UCS Director 3
Logging Into the Cisco UCS Director 4
Understanding the Cisco VACS Interface 5
Viewing the Cisco VACS Version Information 6
Cisco VACS User Roles 6
About Cisco UCS Director 7
Information About the Cisco Nexus 1000V Virtual Supervisor Module 7
Related Documentation for the Cisco Virtual Application Container Services 8
CHAPTER 2
Cisco VACS Installation Task Summary 11
Cisco VACS Installation Tasks Summary 11
CHAPTER 3
Installing Licenses 13
About Cisco VACS Licenses 13
Guidelines and Limitations for Cisco VACS License 14
Fulfilling the Product Access Key 15
Updating the Cisco UCS Director License 15
Updating the Cisco VACS License 16
Installing the CSR 1000V License 17
CHAPTER 4
Installing Cisco VACS 19
Compatibility Information for Cisco VACS 19
System Requirements for Cisco VACS 19
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
iii
Contents
Hardware Requirements for Cisco VACS 20
Prerequisites for Installing Cisco VACS 20
Applying the Cisco VACS Patch to the Cisco UCS Director 20
Verifying the Installation of Cisco VACS 22
CHAPTER 5
Installing Cisco VACS Components 23
Cisco VACS Installation Sequence 23
Creating a Virtual Account 24
Installing Cisco Prime Network Services Controller 24
Installing Cisco Nexus 1000V 29
About Adding Hosts to Nexus 1000V DVS 35
Adding Hosts 36
CHAPTER 6
Upgrading Cisco VACS 47
About Upgrading Cisco VACS 47
Guidelines and Limitations 47
Prerequisites for Upgrading the Cisco VACS 47
Upgrading Cisco VACS 48
Verifying the Cisco VACS Upgrade Process 49
CHAPTER 7
Troubleshooting Installation Issues 51
Troubleshooting Cisco Virtual Switch Update Manager Installation Issues 51
Removing a Cisco Virtual Switch Update Manager Installation Manually 51
Troubleshooting Cisco Nexus 1000V VSM Installation Issues 52
Removing the Cisco Nexus 1000V VSM Manually 52
Troubleshooting Cisco PNSC Installation Issues 52
Removing a PNSC Installation Manually 52
Problems with Installing Cisco Prime Network Services Controller 53
Troubleshooting Adding Hosts Issues 54
Removing the Hosts Manually 54
Problems with Adding Hosts 55
Troubleshooting CSR 1000V Installation Issues 55
Applying the CSR 1000V License Manually 55
Deleting a Database Entry From UCS Director Database Table 56
Error Messages 57
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
iv
Contents
CHAPTER 8
FAQs 59
Cisco VACS Installation FAQs 59
Cisco VACS Licensing FAQs 62
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
v
Contents
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
vi
CHAPTER
1
Overview
This chapter contains the following sections.
• About Cisco Virtual Application Container Services, page 1
• Cisco VACS Solution in Cisco UCS Director , page 3
• About Cisco UCS Director, page 7
• Information About the Cisco Nexus 1000V Virtual Supervisor Module, page 7
• Related Documentation for the Cisco Virtual Application Container Services, page 8
About Cisco Virtual Application Container Services
Cisco Virtual Application Container Services (Cisco VACS) is a software solution that automates the
coordinated licensing, installation, and deployment of multiple virtual services in your datacenter to enable
an easy and efficient setup of virtualized applications. Cisco VACS provides a fully customizable extended
application container abstraction to simplify deploying and provisioning the virtual services. Cisco VACS
allows you to define extended application container templates and to instantiate them through automated setup
and provisioning of the underlying virtual components. Cisco UCS Director provides the management interface
to deploy, provision, and monitor the Cisco VACS solution.
Cisco VACS provides you with a choice of ready-to-use application container templates that define the rules
for deploying a collection of virtual machines (VMs) within a private network secured by a firewall. An
application container is a set of virtual services such as virtual switches, routers, firewalls, and other network
devices configured in a consistent manner to deploy different workloads. When you create and instantiate an
application container template, Cisco VACS deploys VMs, and configures networks, the firewall, and virtual
switches, and enables quick provisioning of network and security at the virtual layer.
Components of Cisco Virtual Application Container Services
Cisco VACS enables you to build a secure multi tenant cloud and provides ready-to-use application container
templates by leveraging the features in the following virtual components:
• Cisco Nexus 1000V
• Cisco Cloud Services Router (CSR) 1000V
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
1
Overview
Benefits of Cisco VACS
• Cisco Virtual Security Gateway (VSG)
• Cisco Prime Network Services Controller (PNSC)
The following figure shows how these components fit into the architecture of Cisco VACS.
Figure 1: Cisco VACS Architecture
Benefits of Cisco VACS
Cisco VACS provides the following benefits:
• A simplified and central provisioning solution for virtual network services.
• Ready-to-use regulatory compliant secure containers that can be created and instantiated with a few
mouse clicks.
• Hypervisor-independent architecture that enables you to build and manage a secure, multi-tenant cloud.
• Consistent deployment of virtual and physical resources with no additional costs.
For more information about how to configure application container templates on Cisco VACS, see the Cisco
Virtual Application Containers Configuration Guide.
Wizards in Cisco VACS
Cisco VACS includes a set of wizards that guide you through the installation of Cisco PNSC and Cisco Nexus
1000V, and adding hosts and templates. Following are the available wizards:
• Add CSR License
This wizard helps you to add the CSR license token ID, which will be used while configuring the smart
CSR license during the application container deployment using Cisco VACS.
• Install PNSC
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
2
Overview
Cisco VACS Solution in Cisco UCS Director
This wizard helps you to install the Cisco Prime Network Services Controller (PNSC).
• Install Nexus 1000V
This wizard helps you to install the Cisco Nexus 1000V virtual switch.
• Add Host
This wizard helps you to add hosts to the Cisco Nexus 1000V DVS.
• Add Virtual Application Container Services template
This wizard allows you to create a container template.
Cisco VACS Solution in Cisco UCS Director
After you install the Cisco UCS Director – Cisco VACS license and apply the Cisco VACS patch to the Cisco
UCS Director, you can view the Cisco VACS solution under the Solutions > VACS Container tab.
The following action buttons are available on the Cisco Virtual Application Container Services tab:
• Installing the CSR 1000V License
• Installing Cisco Prime Network Services Controller
• Installing Cisco Nexus 1000V
• Adding Hosts
• Add Template
• About VACS
You can view the Cisco VACS version number and the build details using this tab.
The following container-specific action buttons are available under Policies > Application Containers:
• Power on/off container
• Add VMs
• ERSPAN
• Firewall Policy
• Static NAT
• Delete VMs
Note
For information about adding a template, adding or deleting virtual machines, editing firewall policy,
configuring static NAT, or monitoring the container traffic (via ERSPAN), see the Cisco Virtual Application
Container Configuration Guide.
The following management actions are also available:
• Edit Template
• Clone Template
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
3
Overview
Logging Into the Cisco UCS Director
• Delete Template
• Create Container
For more information on the preceding management actions, see the Cisco Virtual Application Container
Services Configuration Guide.
Note
For information on applying the Cisco VACS patch to the Cisco UCS Director, see the Applying the Cisco
VACS Patch to the Cisco UCS Director.
Logging Into the Cisco UCS Director
Step 1
Step 2
In the Address field of the browser, enter the IP address of the Cisco UCS Director and press Enter.
The Cisco UCS Director login page appears.
Enter the username and password in the Username and Password fields, and click Login.
The Cisco UCS Director home page appears.
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
4
Overview
Understanding the Cisco VACS Interface
Understanding the Cisco VACS Interface
This section describes the Cisco VACS interface and the features that you can access using Cisco UCS Director
and the admin privileges.
Figure 2: Cisco VACS Interface
Table 1: Elements of the Cisco VACS User Interface
Number
Description
1
The Menu bar displays tabs that allow you to view the Cisco VACS solution
interface, along with the UCS Director tabs.
2
The VACS Container tab displays the submenu corresponding to the Cisco
VACS software solution.
3
The Virtual Application Container Services submenu displays tabs that
allow you to add a template and the CSR license, install PNSC and Nexus
1000V, add host, and view the Cisco VACS version details.
4
The Virtual Application Container Services area displays the available
template details, such as the container template, template description, and
the container type.
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
5
Overview
Viewing the Cisco VACS Version Information
This submenu displays buttons that allows you to do the following:
5
• customize the table
• export reports
• add an advance filter
• search
This submenu displays buttons that allows you to do the following:
6
• view user information
• log out of the Cisco UCS Director interface
• view the Cisco web page
• view information about the Cisco UCS Director
• view the Cisco UCS Director Online Help
• search for objects
Viewing the Cisco VACS Version Information
To view the Cisco Virtual Application Container Services (Cisco VACS) build and version details, choose
Solutions > VACS Container > About VACS. The About VACS dialog box displays the Cisco VACS
version and build details.
To view the product documentation, click Online Help.
Cisco VACS User Roles
You can use one of the following roles to access and use Cisco VACS:
• Service End User—Enables you to instantiate a Cisco VACS container from the catalog and services
that are related to the container.
• System Administrator—Enables you to have full privileges to manage Cisco VACS in Cisco UCS
Director including adding accounts, defining policies, creating application templates, instantiating
application containers from the templates, and troubleshoot problems.
Attention
Depending on your user role, your view of Cisco VACS solution, and the permissions to access and
perform tasks in Cisco UCS Director might differ. For detailed information about user roles and privileges,
see the Cisco UCS Director Administration Guide and the Cisco UCS Director Self-Service Portal Guide.
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
6
Overview
About Cisco UCS Director
About Cisco UCS Director
Cisco UCS Director is a 64-bit appliance that uses the Open Virtualization Format (OVF) for VMware vSphere
standard template:
Cisco UCS Director delivers unified, highly secure management for converged infrastructure solutions, that
are based on the Cisco UCS and Cisco Nexus platforms.
Cisco UCS Director extends the unification of computing and network layers through Cisco UCS to provide
you with a comprehensive visibility and management capability. It supports NetApp FlexPod and ExpressPod,
EMC Isilon, EMC VSPEX, EMC VPLEX, and VCE Vblock systems, which are based on the Cisco UCS and
Cisco Nexus platforms.
Cisco UCS Director automates the provisioning of resource pools across physical, virtual, and baremetal
environments. It delivers native, automated monitoring for health, status, and resource utilization. You can
do the following using Cisco UCS Director:
• Create, clone, and deploy service profiles and templates for all servers and applications
• Monitor organizational usage, trends, and capacity across a converged infrastructure on a continuous
basis, such as by viewing heat maps that show virtual machine (VM) utilization across all your data
centers
• Deploy and add capacity to ExpressPod and FlexPod infrastructures in a consistent, repeatable manner
• Manage, monitor, and report on Cisco UCS domains and their components
• Extend virtual service catalogs to include physical infrastructures services
• Manage secure multitenant environments to accommodate virtualized workloads that run with
nonvirtualized workloads
Information About the Cisco Nexus 1000V Virtual Supervisor
Module
The Virtual Supervisor Module (VSM) is the control plane of the Cisco Nexus 1000V. It is deployed as a
virtual machine.
Cisco VACS supports the installation of the VSM in a high-availability (HA) pair using the automated Cisco
VACS installation.
The VSM, along with the VEMs that it controls, performs the following functions for the Cisco Nexus 1000V
system:
• Configuration
• Management
• Monitoring
• Diagnostics
• Integration with VMware vCenter Server
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
7
Overview
Related Documentation for the Cisco Virtual Application Container Services
The VSM uses an external network fabric to communicate with the VEMs. The VSM runs the control plane
protocols and configures the state of each VEM, but it never actually forwards packets. The physical NICs
on the VEM server are the uplinks to the external fabric. VEMs switch traffic between the local virtual Ethernet
ports that are connected to the VM vNICs but do not switch the traffic to other VEMs. Instead, a source VEM
switches packets to the uplinks that the external fabric delivers to the target VEM.
A single Cisco Nexus 1000V instance, including dual-redundant VSMs and managed VEMs, forms a switch
domain. Each Cisco Nexus 1000V domain within a VMware vCenter Server must be distinguished by a unique
integer called the domain identifier.
A single VSM can control up to 250 VEMs.
While using the VSG, it can control up to 128 VEMS.
See the Cisco Nexus 1000V Resource Availability Reference for information about scale limits.
The Cisco Nexus 1000V architecture is shown in this figure.
Figure 3: Cisco Nexus 1000V Architecture
Related Documentation for the Cisco Virtual Application
Container Services
This section lists the documents used with the Cisco VACS components and are available on Cisco.com at
the following URL:
Cisco Virtual Application Container Services Documentation
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
8
Overview
Related Documentation for the Cisco Virtual Application Container Services
General Information
Cisco Virtual Application Container Services Release Notes
Installation
Cisco Virtual Application Container Services Installation and Upgrade Guide
Configuration
Cisco Virtual Application Container Services Configuration Guide
User Information
Cisco Virtual Application Container Self-Service Portal User Guide
Nexus 1000V Documentation
For the Cisco Nexus 1000V for VMware vSphere Documentation:
Cisco Nexus 1000V for VMware vSphere Documentation
Prime Network Services Controller Documentation
Cisco Prime Network Services Controller Documentation
Cloud Services Router 1000V Documentation
Cisco Cloud Services Router 1000V Documentation
Virtual Security Gateway Documentation
Cisco Virtual Security Gateway Documentation
UCS Director Documentation
Cisco UCS Director Documentation
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
9
Overview
Related Documentation for the Cisco Virtual Application Container Services
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
10
CHAPTER
2
Cisco VACS Installation Task Summary
This chapter contains the following section:
• Cisco VACS Installation Tasks Summary, page 11
Cisco VACS Installation Tasks Summary
The following sections describe the summary of tasks required to install Cisco VACS:
Tasks before you begin the installation process
• Gather the workload VM and Container deployment requirements.
• Setup user accounts and groups in Cisco UCS Director.
For detailed information about setting up accounts, see the Cisco UCS Director Administration Guide.
Tasks when you are installing Cisco VACS
• Apply the Cisco VACS patch.
For information about applying the Cisco VACS patch, see Applying the Cisco VACS Patch to the Cisco
UCS Director, on page 20.
• Apply or upgrade the Cisco VACS license keys through the Cisco UCS Director User Interface (UI).
For more information about installing the Cisco VACS license, see Updating the Cisco VACS License,
on page 16.
• Apply the CSR 1000V License Token.
For more information on installing the CSR 1000V license, see the Installing the CSR 1000V License,
on page 17
Tasks when you are installing Cisco VACS components
• Set up virtual accounts in Cisco UCS Director.
For detailed information about setting up accounts, see the Cisco UCS Director Administration Guide.
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
11
Cisco VACS Installation Task Summary
Cisco VACS Installation Tasks Summary
• Install PNSC and Cisco Nexus 1000V through the UCS Director UI.
For more information about installing these components, see Installing Cisco Prime Network Services
Controller, on page 24 and Installing Cisco Nexus 1000V , on page 29.
• Add hosts and migrate the existing VMs to the Cisco Nexus 1000V through the self-service UI.
For more information on installing hosts, see Adding Hosts , on page 36
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
12
CHAPTER
3
Installing Licenses
This chapter contains the following sections:
• About Cisco VACS Licenses, page 13
• Guidelines and Limitations for Cisco VACS License, page 14
• Fulfilling the Product Access Key, page 15
• Updating the Cisco UCS Director License, page 15
• Updating the Cisco VACS License, page 16
• Installing the CSR 1000V License, page 17
About Cisco VACS Licenses
To use Cisco Virtual Application Container Services (Cisco VACS), you must obtain the Cisco VACS and
the Cisco UCS Director licenses from your Cisco representative or download it from http://www.cisco.com
. You must upload the Cisco VACS license file in Cisco UCS Director. After the license is installed, registered,
and validated by Cisco UCS Director, you must apply the Cisco VACS patch to view the Cisco VACS menu
in the UCS-Director UI.
1 Before you install Cisco UCS Director, generate the license key and claim a certificate (Product Access
Key).
2 Register the Product Access Key (PAK) on the Cisco software license site, as described in Fulfilling the
Product Access Key, on page 15.
3 After you install Cisco UCS Director, update the license in Cisco UCS Director as described in Updating
the License.
4 After the license has been validated, you can upload the Cisco UCS Director-Cisco VACS license.
Tip
If you want to evaluate Cisco UCS Director, you must first obtain an evaluation license by contacting
your Cisco representative.
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
13
Installing Licenses
Guidelines and Limitations for Cisco VACS License
Guidelines and Limitations for Cisco VACS License
The following are the guidelines and limitations for installing a Cisco VACS License.
All UCS Director licenses should be of either EVAL or Production type.
You can use the following combinations to enable the Cisco VACS functionality:
• EVAL Base + EVAL UCS Director Server + EVAL Cisco VACS
• Production Base+Production Cisco UCS Director Server + Production Cisco VACS
The following combinations are not supported:
• EVAL Base + EVAL UCSD Server + Production Cisco VACS
• Production Base + Production UCSD server + EVAL Cisco VACS
You can install only one Cisco VACS EVAL license file. There is no limit to install the Cisco VACS Production
licenses. You can install any number of Cisco VACS Production licenses.
For upgrading Cisco VACS from EVAL to Production, you must first install the Cisco UCS Director Production
licenses (Production Base+Production Server) and then install the Cisco VACS Production licenses.
Cisco VACS does not automatically upgrade your existing Cisco Nexus 1000V licenses to permanent licenses
after moving from Cisco VACS EVAL licenses to Cisco VACS Production licenses. You must install a new
Cisco Nexus 1000V to ensure that it is installed with permanent licenses.
Cisco VACS does not upgrade CSR 1000V licenses to Maximum throughput (10 Gig ). After installing Cisco
VACS production licenses and providing a token ID, only new CSR 1000Vs deployed as part of new container
deployment, is licensed to have a throughput of 10 Gig.
PNSC does not need any licenses to work with Cisco VACS.
When you upgrade from Cisco VACS EVAL licenses to the Cisco VACS licenses, note the following points:
1 After installing the UCS Director Production Licenses , Cisco VACS EVAL licenses will be invalid.
2 After installing the UCS Director Production licenses, only the Cisco VACS Production licenses are
accepted.
3 After installing Cisco VACS Production Licenses, existing Cisco Nexus 1000V (installed with EVAL
Cisco VACS Licenses) will not get perpetual/permanent Cisco Nexus 1000V licenses. In this case, you
have to deploy a new Cisco Nexus1000V (after installing the Cisco VACS Production licenses ), so that
new Cisco Nexus 1000V will have perpetual licenses.
4 CSR 1000V deployed during the Cisco VACS EVAL licenses will come up with default licenses and a
maximum throughput of 100 Kbps.
5 After installing the Cisco VACS Production licenses, the existing CSR 1000V of deployed containers will
not be automatically licensed with permanent licenses . In this case, you have to manually apply licenses
for CSR 1000V to have permanent licenses. For information on manually applying licenses, see the Cisco
Smart Licensing section in the Cisco CSR 1000V Series Cloud Services Router Software Configuration
Guide.
6 After installing the Cisco VACS Production license and keying CSR Token ID, CSR 1000V which are
part of new Container deployment will be licensed with permanent licenses with a throughput of maximum
10 Gbps.
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
14
Installing Licenses
Fulfilling the Product Access Key
Fulfilling the Product Access Key
Before You Begin
You need the PAK number.
Step 1
Step 2
Step 3
Step 4
Step 5
Navigate to the Cisco Software License website.
If you are directed to the Product License Registration page, you can take the training or click Continue to Product
License Registration.
On the Product License Registration page, click Get New Licenses from a PAK or Token.
In the Enter a Single PAK or TOKEN to Fulfill field, enter the PAK number.
Click Fulfill Single PAK/TOKEN.
Step 6
Complete the additional fields in License Information to register your PAK:
Step 7
Name
Description
Organization Name
The organization name.
Site Contact Name
The site contact name.
Street Address
The street address of the organization.
City/Town
The city or town.
State/Province
The state or province.
Zip/Postal Code
The zip code or postal code.
Country
The country name.
Click Issue Key.
The features for your license appear, and an email with the Digital License Agreement and a zipped license file is sent
to the email address you provided.
Updating the Cisco UCS Director License
Tip
If you want to evaluate Cisco UCS Director, you must first obtain an evaluation license by contacting
your Cisco representative.
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
15
Installing Licenses
Updating the Cisco VACS License
Before You Begin
If you received a zipped license file by email, extract and save the .lic file to your local machine.
Step 1
Step 2
Step 3
Step 4
Choose Administration > License.
Click the License Keys tab.
Click Update License.
In the Update License dialog box, do one of the following:
• To upload a .lic file, click Browse, navigate to and choose the .lic file, and then click Upload.
• For a license key, check the Enter License Text check box and then copy and paste the license key only into the
License Text field. The license key is typically at the top of the file, after Key ->.
You can also copy and paste the full text of a license file into the License Text field.
Step 5
Click Submit.
The license file is processed, and a message appears confirming the successful update.
Note
A minimum of one UCS Director Base and Server license should be present before you install the Cisco VACS
license. For information on how to obtain and install the Base and Server licenses, see the Cisco UCS Director
Installation and Upgrade on VMware vSphere.
Updating the Cisco VACS License
Tip
If you want to evaluate Cisco VACS, you must first obtain an evaluation license from the Cisco Sales
Acceleration Center at [email protected].
Before You Begin
Make sure that the Cisco UCS Director Base and Server licenses are installed before installing the Cisco
VACS license. If you received a zipped license file by email, extract and save the .lic file to your local machine.
Step 1
Step 2
Step 3
Step 4
Choose Administration > License.
Click the License Keys tab.
Click Update License.
In the Update License dialog box, do one of the following:
• To upload a .lic file, click Browse, navigate to and select the .lic file, and then click Upload.
• For a license key, check the Enter License Text check box and then copy and paste the license key only into the
License Text field. The license key is typically at the top of the file, after Key ->.
You can also copy and paste the full text of a license file into the License Text field.
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
16
Installing Licenses
Installing the CSR 1000V License
Step 5
Click Submit.
The license file is processed, and a message appears confirming the successful update.
Step 6
After the Cisco UCS Director–Cisco VACS license is validated, you must manually restart Cisco UCS Director to view
the tasks that you can perform to use Cisco Virtual Application Container Services and ensure that all the services are
running.
To manually restart the UCS Director services, log in to the SSH application with Shell admin credentials, proceed to
the Cisco UCS Director Shell Menu, and enter one of the following number from the Cisco UCS Director Shell menu:
• 3—Stop Services
• 4—Start Services
• 2—Display Services Status
Installing the CSR 1000V License
You can view the CSR License button after you install the Cisco UCS Director—Cisco VACS license. You
can obtain the CSR license token from your Cisco representative or from the Cisco Smart Licensing Server.
Note
The Online Help link provides you access to the product documentation corresponding to add a CSR
license.
Attention
You must install the CSR 1000V license only after you install Cisco VACS.
Before You Begin
• You must have installed the Cisco UCS Director—Cisco VACS license.
• You must have installed Cisco VACS.
• Ensure that you meet the relevant system requirements as listed in the System Requirements for Cisco
VACS, on page 19.
• You must have admin privileges.
Step 1
Step 2
Step 3
From the Cisco UCS Director menu bar, choose Solutions > VACS Container.
The Cisco VACS management task icons appear.
Click Add CSR License.
In the CSR License dialog box, complete the following fields:
Name
Description
CSR License Token field
The CSR license token that you have obtained.
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
17
Installing Licenses
Installing the CSR 1000V License
Step 4
Name
Description
DNS Server IP field
The DNS server IP address.
CSR License Proxy Server IP field (Optional)
The proxy server IP address. The proxy server IP address
is used by the CSR 1000V management IP address to reach
the Cisco Smart licensing server for obtaining licenses.
This field is required only when the CSR management IP
address is private.
CSR License Proxy Server Port field (Optional)
The port number used for connecting to the proxy server.
This field is required only when the CSR management IP
address is private.
Click Submit.
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
18
CHAPTER
4
Installing Cisco VACS
This chapter contains the following sections:
• Compatibility Information for Cisco VACS, page 19
• System Requirements for Cisco VACS, page 19
• Hardware Requirements for Cisco VACS, page 20
• Prerequisites for Installing Cisco VACS, page 20
• Applying the Cisco VACS Patch to the Cisco UCS Director, page 20
• Verifying the Installation of Cisco VACS , page 22
Compatibility Information for Cisco VACS
The following table lists the compatibility information for Cisco VACS and Cisco UCS Director.
Table 2: Software Compatibility for Cisco VACS and Cisco UCS Director
Cisco VACS
Cisco UCS Director
Release 5.2STV1.1
• Release 5.2
Note
Apply the latest Cisco UCS Director maintenance patch
before installing or upgrading to Cisco VACS 5.2STV1.1.
• Release 5.1
Release 5.1STV1.0
Release 5.1
System Requirements for Cisco VACS
Cisco VACS has the following system requirements:
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
19
Installing Cisco VACS
Hardware Requirements for Cisco VACS
• Cisco UCS Director Release 5.1 or Release 5.2
Note
For this release, we recommend that you use Cisco UCS Director Release 5.2 with the
5.2.0.1 patch.
• VMware vSphere 5.1 or later
Hardware Requirements for Cisco VACS
The following are the hardware requirements for installing Cisco VACS.
Components
Hard Drive in GB
RAM in GB
CPU
Cisco UCS Director
100
8
4
Cisco Virtual Switch Update
Manager (VSUM)
80
4
2
Cisco Nexus 1000V VSM
3
4
2
(Cisco VACS installs the
Cisco Nexus 1000V in an HA
pair)
Cisco Prime network Services
Controller (PNSC)
220
4
4
Prerequisites for Installing Cisco VACS
The installation of the Cisco VACS has the following prerequisites:
• You have installed Cisco UCS Director Release 5.1or 5.2.
• The setup meets the system requirements with respect to the memory, disk size, and so on.
• You have administrator privileges to install Cisco VACS and the components.
Applying the Cisco VACS Patch to the Cisco UCS Director
Follow this procedure to apply the Cisco VACS patch to the Cisco UCS Director:
Before You Begin
• Download the Cisco VACS patch from http://www.cisco.com. This patch file is a signed zip file with
the following format: VACS-5_2_STV_1_1-pkg.zip.
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
20
Installing Cisco VACS
Applying the Cisco VACS Patch to the Cisco UCS Director
• Unzip the zip file and place the software in the FTP or HTTP server that you plan to use to install the
Cisco VACS patch.
Attention
You must ensure that you unzip the zip file (VACS-5_2_STV_1_1-pkg.zip) and use the
extracted patch file VACS-5_2_STV_1_1.zip to install the Cisco VACS patch. If not
used, the installation will fail.
• If NFS mount is used for application storage, disable it before you apply a patch. If you do not, the
upgrade will fail.
Step 1
Note
We recommend that you take a snapshot of the Cisco UCS Director VM before you begin the upgrade.
If you do this, you do not need to back up the existing configuration database through an FTP server.
Note
The VACS-5_2_STV_1_1.zip file can only be applied to the UCS Director Releases 5.1 and 5.2. If you try
to apply this patch file on any other UCS Director releases, the upgrade process errors out and you will
see the following error: VACS: VACS version 1.1 is qualified for UCSD 5.1 and 5.2. Since it's installed
on a VACS 1.0 base with UCSD 5.2, it needs administration care. VACS: Abort installation:
VACS_OLD_VERSION=1.0 UCSD_VERSION=5.2.x.y, please check with Cisco account team for further
assistance.
Step 2
Log in to the SSH application using the Shell admin credentials and proceed to the Cisco UCS Director Shell Menu, and
enter the appropriate numbers from this menu.
In the shelladmin, choose Stop services to stop all services.
Step 3
To verify that all services are stopped, choose Display services status.
Step 4
(Optional) If desired, you can choose Backup database to back up the Cisco UCS Director database.
You do not need to back up the database if you took a snapshot of the Cisco UCS Director VM before you started.
Step 5
To apply the Cisco VACS patch, choose Apply patch.
Step 6
When prompted, enter the location of the Cisco VACS patch.
ftp://username:password@hostname|IP_address/software_location_and_name or http://http server
name|IP_address/software_location_and_name.
In this procedure, we are using the FTP option to install the Cisco VACS
patch.
Wait for the download and installation to complete.
After the installation is completed, choose Start services to start services.
Upon a successful VACS patch installation (or an upgrade), you see the following options on the screen:
Note
Step 7
Step 8
vacs_pre_install_1.1.sh Begin .....
vacs_pre_install_1.1.sh End
vacs_post_install_1.1.sh Begin .....
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
21
Installing Cisco VACS
Verifying the Installation of Cisco VACS
vacs_post_install_1.1.sh End
Completed installing package 0
Note
After you apply the Cisco VACS patch and complete that installation, choose the Start Services option of
ShellAdmin to start/restart the Cisco UCS Director services and complete the patch process. The patch process
is not complete or successful until the Cisco UCS Director services have started, Cisco UCS Director is available,
the login screen is displayed, and the admin user can log in to Cisco UCS Director.
All Cisco UCS Director services must be started before you attempt to perform other shelladmin procedures,
such as apply additional patches, take a database backup, or restore a database from a backup.
Verifying the Installation of Cisco VACS
You can verify the installation of Cisco VACS using any of the following methods:
1 Log in to the Cisco UCS Director through the web browser (with the admin credentials), and choose
Solutions > VACS Container. You can view the Cisco VACS solution task icons.
2 Log in to the Cisco UCS Director through the web browser (with the admin credentials), and choose
Solutions > VACS Container > About VACS. You can view the installed version of Cisco VACS.
3 Verifying the availability of the Cisco Nexus 1000V, PNSC, VSG, and CSR OVF files in the Cisco UCS
Director—To verify if the OVF files exist in the Cisco UCS Director, from the Cisco UCS Director menu
bar, choose Administration > Integration > User OVF Management.
The User OVF Management window displays the list of Cisco UCS Director related OVF files.
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
22
CHAPTER
5
Installing Cisco VACS Components
This chapter contains the following sections:
• Cisco VACS Installation Sequence , page 23
• Creating a Virtual Account, page 24
• Installing Cisco Prime Network Services Controller, page 24
• Installing Cisco Nexus 1000V , page 29
• About Adding Hosts to Nexus 1000V DVS, page 35
• Adding Hosts , page 36
Cisco VACS Installation Sequence
After you install the Cisco UCS Director—Cisco VACS license and apply the Cisco VACS patch to the UCS
Director, you must install and register the following components before you can create the Cisco VACS
application container templates:
• Add the virtual account.
For information about adding virtual account, see Creating a Virtual Account, on page 24
• Install the CSR 1000V license.
For information about installing CSR 1000V license, see the Installing the CSR 1000V License, on
page 17.
• Install Cisco Prime Network Services Controller (PNSC) using Install PNSC action button.
For information about installing Cisco PNSC, see the Installing Cisco Prime Network Services Controller,
on page 24.
• Install Cisco Nexus 1000V using the Install Nexus 1000V action button. Cisco Nexus 1000V is
automatically registered with Cisco UCS Director when you install the switch.
For information about installing Cisco Nexus 1000V, see Installing Cisco Nexus 1000V , on page 29.
• Enable Cisco Nexus 1000V forwarding on each virtualized server in the vCenter deployment using the
Add Host action button.
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
23
Installing Cisco VACS Components
Creating a Virtual Account
For information about adding hosts, see Adding Hosts , on page 36.
Creating a Virtual Account
Step 1
Step 2
From the Cisco UCS Director menu bar, choose Administration > Virtual Accounts.
The Virtual Accounts task icons appear.
Click Add.
The Add Cloud dialog box appears.
Step 3
Choose VMware from the Cloud Type drop-down list.
The Add Cloud entry form window appears.
Step 4
In the Add Cloud entry form window, complete the following mandatory fields:
1 Cloud Name—Enter the cloud name.
2 Server Address—Enter the vSphere server address.
3 Admin Credentials—Enter the administrator credentials.
Step 5
Choose the POD from the POD drop-down list.
By default, the POD fro the Virtual Account is Default POD. You can choose the applicable POD from the drop-down
list.
Step 6
Click Add and then click OK.
The new virtual account now displays in the Virtual Accounts table.
Installing Cisco Prime Network Services Controller
After a successful installation of the Cisco Virtual Application Container Services license, Cisco UCS Director
enables you to do a new installation of Cisco Prime Network Services Controller (PNSC). PNSC is the policy
manager for Virtual Security Gateway for traffic between the virtual machines in one virtual cloud account.
Note
The Online Help link provides you access to the product documentation corresponding to installing PNSC.
Before You Begin
• Have the administrator privileges to install Cisco Prime Network Services Controller.
• Ensure that PNSC and any associated Cisco Nexus 1000V switches are not installed on the same virtual
account in Cisco UCS Director. PNSC and the Cisco Nexus 1000V must not be pre-installed on the
virtual accounts on which you plan to install these components using Cisco VACS.
• Know the location information (data center and IP address) of the host on which you are deploying the
PNSC.
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
24
Installing Cisco VACS Components
Installing Cisco Prime Network Services Controller
• Know the virtual machine resources (management port group and data store) for the PNSC virtual
machine.
• Know the DNS and Network Time Protocol (NTP) server information.
• Ensure that the data store has sufficient storage space. For more information, see Hardware Requirements
for Cisco VACS, on page 20
Step 1
Step 2
From the Cisco UCS Director menu bar, choose Solutions > VACS Container.
The Cisco VACS management task icons appear.
Click Install PNSC.
The Install PNSC wizard appears.
Figure 4: Install PNSC Wizard
Step 3
In the Name and Location Specification screen, complete the following fields.
Name
Description
PNSC OVF Path field
The PNSC OVF path is auto-populated in this field.
Virtual Account Information
Virtual Account drop-down list
Choose the virtual account for the PNSC installation.
Note
This virtual account can be a vCenter account or
a datacenter in a vCenter account.
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
25
Installing Cisco VACS Components
Installing Cisco Prime Network Services Controller
Name
Description
PNSC Specification
PNSC Name field
Enter a unique name for the PNSC instance.
Note
The name can be alphanumeric, dashes, and
underscores and must be between 2 to 32
characters.
Admin Password field
Enter the administrator password.
Note
The admin password validation must meet the
below conditions:
• Contains a minimum of eight characters.
• Contains at least three of the following:
1 Lowercase letters
2 Uppercase letter
3 Digits
4 Special characters
• Does not contain a character that is repeated
more than three times consecutively. For
example, aaabbb.
• Is not the user name or the reverse of the user
name.
• Passes a password dictionary check. The
password must not be based on a standard
dictionary word. PNSC uses the standard
Linux open source PAM module.
• Does not contain the following symbols:
dollar sign ($), question mark (?), equals sign
(=).
• The password must not be blank for a local
user and the admin accounts.
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
26
Installing Cisco VACS Components
Installing Cisco Prime Network Services Controller
Name
Description
Shared Secret field
Enter the shared secret.
The shared secret is used for authenticating control traffic
between the PNSC and the VSM that is involved in
managing security policies for and switching between a
given set of virtual machines.
Note
The shared secret password must contain the strong
password characteristics such as the following:
• At least eight characters.
• Lowercase letters, uppercase letters, digits,
and special characters.
• Does not include characters such as:
1 Consecutive alphanumeric characters,
such as abcd or 1234.
2 Characters repeated three or more times,
such as aaabbb.
3 A variation of the word Cisco , such as
cisco , ocsic , or one that changes the
capitalization of letters in the word Cisco.
4 The username, or the username in
reverse.
5 A permutation of characters present in
the username or Cisco.
• Characters such as, &, ' " `, ( ), < >, |, \, ;, $,
?, and spaces.
IPv4 Address field
Enter the management IP address that is configured on the
PNSC instance.
Note
The IPv4 address must have the following
characteristics:
• Must be a valid unicast IPv4 address.
• Must have the same subnet with the IPv4
Gateway field.
IPv4 Address Subnet Mask field
Enter the netmask address. For example, 255.255.255.0.
IPv4 Gateway Address field
Enter the default gateway.
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
27
Installing Cisco VACS Components
Installing Cisco Prime Network Services Controller
Step 4
Step 5
Click Next.
In the Placement and Network Specification screen, complete the following fields.
Name
Description
Networking
DNS IPv4 field
Enter the DNS server IPv4 address.
DNS Hostname field
Enter a unique DNS hostname for the PNSC.
Note
The DNS hostname must contain the following
characteristics:
• Must be at least 2 characters, no more than
24 characters.
• Must contain an alphanumeric and a hyphen.
• Must not start with a digit.
• Must not start or end with a hyphen.
DNS Domain Name field
Enter a DNS domain name.
Note
This name should be a string value from 2 to 256
characters.
NTP IPv4 Server field
Enter the NTP server IPv4 address.
Placement Details Information
Step 6
Step 7
Datacenter drop-down list
Choose the datacenter of the host on which the PNSC
virtual machine must be deployed.
Host/Cluster drop-down list
Choose a standalone host or a host from the cluster in the
datacenter.
Management Network drop-down list
Choose the port group to which the PNSC's Management
network should be mapped.
Datastore drop-down list
Choose the datastore.
click Next.
In the Install PNSC Summary screen, verify the details of the installation. If the details are correct, click Submit.
Otherwise, click Back to go back to a previous step and modify the details.
After clicking Submit, a dialog box that appears , displays a service request number that can be used to track the progress
of the workflow, as described in the next step.
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
28
Installing Cisco VACS Components
Installing Cisco Nexus 1000V
Note
1 If the PNSC installation fails, there is an automatic rollback to clean up the installation. If PNSC installation
is successful, but the PNSC registration to the VC and the UCS Director fails, then automatic rollback are
not done.
2 If the input parameters needs to be changed, then re-submission of the workflow will not help.
3 If the Register PNSC task has failed, then re-submission of the workflow from the same task is possible.
4 If the PNSC installation fails, you can manually recover the partial or an unsuccessful installation. To
manually recover the installation, see Removing a PNSC Installation Manually, on page 52.
Step 8
View the progress of the installation and deployment of PNSC by choosing the Organization > Service Requests. In
the Service Request tab, you can view the Workflow Status or Logs to determine the status of the installation and
troubleshoot problems.
Note
If the deployment task failed due to network or host issues which can be corrected, then correct the issues and
resubmit the workflow.
Installing Cisco Nexus 1000V
After successfully installing PNSC, the Cisco VACS solution enables you to install a Cisco Nexus 1000V
switch. You can install multiple Cisco Nexus 1000V switches, and each of these instances are registered with
PNSC that was installed by the Cisco VACS solution.
Note
1 Cisco Nexus 1000V will be licensed with 1024 licenses of the Stingray Package.
In the EVAL period, the expiry date of Cisco Nexus 1000V will be same as that of the EVAL Cisco
VACS license expiry. In case of Cisco Nexus 1000V created after installing the Cisco VACS Production
licenses, there will not be any expiry (permanent) for the Cisco Nexus 1000V.
2 In case of upgrading the EVAL Cisco VACS license to the Production Cisco VACS license, an existing
Cisco Nexus 1000V will not be automatically installed with permanent licenses.
Note
The Online Help link provides access to the product documentation corresponding to installing Cisco
Nexus 1000V.
Before You Begin
• You must be a system administrator with full privileges to perform this task.
• Set aside an IP address, each for the VSM and the Cisco Virtual Switch Update Manager (Cisco VSUM)
which is the Nexus 1000V Installer.
• Set aside virtual machine resources (port groups and datastores) for the installer virtual machine, the
primary VSM, and the secondary VSM.
• Each VSM (primary and secondary) must have the following minimum system requirements:
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
29
Installing Cisco VACS Components
Installing Cisco Nexus 1000V
◦2 vCPUs, 2 GHz
◦4 GB memory
◦3 GB storage space
• The Cisco VSUM must have the following minimum system requirements:
◦2 vCPUs
◦4 GB memory
◦80 GB storage space
• Reserve a unique numeric domain ID for the Cisco Nexus1000V switch.
Step 1
Step 2
From the Cisco UCS Director menu bar, choose Solutions > VACS Container.
The Cisco VACS management task icons appear.
Click Install Nexus 1000V.
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
30
Installing Cisco VACS Components
Installing Cisco Nexus 1000V
The Install Nexus 1000V wizard appears.
Figure 5: Install Nexus 1000V Wizard
Step 3
In the Name and Location Specification screen, complete the following fields, and then click Next :
Name
Description
VSUM OVF Path field
The VSUM OVF path is auto-populated.
Virtual Account drop-down list
Choose the name of the cloud account that you want to
install the VSUM (installer VM) and the Cisco Nexus
1000V VSMs.
After you select the cloud account, the IP address of the
PNSC version that you earlier installed is displayed below
this field. If you have not installed PNSC earlier, then you
get an error message indicating that the PNSC server is not
found and you are not allowed to proceed with the
installation.
VSUM Name field
Enter a unique name for the Cisco Virtual Switch Update
Manager.
Note
The name of the installer can be an alpha-numeric
value, from 2 to 256 characters long.
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
31
Installing Cisco VACS Components
Installing Cisco Nexus 1000V
Step 4
In the Placement and Network Specification screen, complete the following tasks, and then click Next:
Name
Description
Placement Details
Datacenter drop-down list
Choose the VMware datacenter to install the Cisco Virtual
Switch Update Manager.
Host/Cluster drop-down list
Choose a standalone host or a host from the cluster in the
datacenter.
Management Network drop-down list
Choose the port group details for this installer. Ensure that
this port group provides reachability to the IP address that
you will provide for the VSUM VM later in the installation
process.
Datastore drop-down list
Choose the datastore.
Network Properties Information
Step 5
IPv4 Address field
Enter the IPv4 address of the Cisco Virtual Switch Update
Manager. This IPv4 address must be accessible through
the port group that you previously chose.
IPv4 Subnet Netmask field
Enter the netmask address. For example, 255.255.255.0.
Default Gateway IPv4 field
Enter the default gateway.
In the VSM Deployment Information screen, complete the following tasks and then click Next:
Name
Description
VSM Deployment Information
Step 6
Deployment Type field
The Cisco Nexus 1000V is deployed in the High
Availability (HA) mode by default.
Firmware Version field
The firmware version of the VSM. The default version is
5.2(1)SV3(1.1).
VSM Datacenter drop-down list
Choose the VSM datacenter for deploying the VSM VMs.
This is also the datacenter in which the Cisco Nexus 1000V
Distributed Virtual Switch will be created.
In the VSM Host Selection screen, complete the following tasks and then click Next:
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
32
Installing Cisco VACS Components
Installing Cisco Nexus 1000V
Name
Description
Primary VSM Host
Primary IP Address drop-down list
Choose a stanalone host or a host from the cluster on which
the primary Cisco Nexus 1000V VSM will be placed.
Primary Datastore drop-down list
Choose the datastore to use for the primary VSM.
The list contains the datastores that are on host of the
primary Cisco Nexus 1000V VSM.
Secondary VSM Host
Step 7
Secondary IP Address drop-down list
Choose a standalone host or a host from the cluster on
which the secondary Cisco Nexus 1000V VSM will be
placed.
Secondary Datastore drop-down list
Choose the datastore for the secondary VSM.
In the VSM Port Group screen, complete the following tasks and then click Next:
Name
Description
Port Group Information
Step 8
Control Interface Portgroup drop-down list
Choose the control interface portgroup of the VSM.
Management Interface Portgroup drop-down list
Choose the management interface portgroup of the VSM.
Packet Interface Portgroup drop-down list
Choose the packet interface portgroup of this VSM.
Note
For more information on the port groups, see the http:/
/www.cisco.com/c/en/us/support/switches/
nexus-1000v-switch-vmware-vsphere/
products-installation-and-configuration-guides-list.html
In the SVS Domain and Server Setup Specification screen, complete the following tasks and then click Next.
Name
Description
SVS Domain Setup
Domain ID field
Enter a unique ID for the SVS domain. The domain ID
must be unique across all of the Cisco Nexus 1000V virtual
switches in your datacenter.
Note
Valid range for the domain ID is between 1 to
1023.
NTP and PNSC Setup
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
33
Installing Cisco VACS Components
Installing Cisco Nexus 1000V
Step 9
Name
Description
NTP Server IP field
The IP address of the NTP server is automatically populated
with the IP address of the NTP that was provided during
the PNSC installation. This is a non-editable field.
PNSC Server IP field
The IP address of the PNSC server is automatically
populated with the IP address of the PNSC server that was
provided during the PNSC installation. This is a
non-editable field.
In the VSM Profile Specification screen, complete the following tasks and then click Next.
Name
Description
VSM Profile
IPv4 Address field
Enter the management IP address that you want to configure
on the VSM.
Subnet Mask field
Enter the netmask address. For example, 255.255.255.0.
Gateway IP Address field
Enter the gateway IPv4 address.
Distributed Virtual Switch Name field
Enter a unique name for the switch. The name can be an
alpha-numeric value, from 2 to 32 characters long.
User and Password
Step 10
User Name field
User name is set to admin by default and cannot be
changed.
Password field
Enter the password for associated with the VSM profile.
The password must contain at least 1 uppercase letter, 1
lowercase letter, and 1 numeric digit, and must be value
between 8 to 64 characters long.
Confirm Password field
Re-enter the password.
In the Install Nexus1000V Summary screen, verify the details of the installation. If the details are correct, click Submit.
Otherwise, click Back to go back to a previous step and modify the details.
After clicking Submit, a dialog box shows a service request number that can be used to track the progress of the Workflow,
as described in the next step.
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
34
Installing Cisco VACS Components
About Adding Hosts to Nexus 1000V DVS
Note
1 If the VSUM installation fails, there is an automatic rollback to clean up the installation. If VSUM installation
is successful, but the VSM deployment fails, then only the VSM is automatically rolled back to clean up the
VSM installation. If the VSM are also deployed successfully but the VSM configuration tasks fails, then an
automatic rollback does not occur.
2 If the inputs are not right, then re-submission does not work. The Cisco Nexus 1000V wizard must be used
again to enter the correct inputs and then submit.
3 If there are any network, host, or datastore issues, then you must correct them and then resubmit the workflow
from the point of failure (in the deploy VSUM or deploy VSM tasks)
4 If the installation of Cisco Virtual Switch Update Manager (VSUM) for Cisco VACS fails, you can manually
remove the partial installation or unsuccessful installation. To manually remove the installation, see the
Removing a Cisco Virtual Switch Update Manager Installation Manually, on page 51.
Step 11
Step 12
View the progress of the installation and deployment of the VSM by clicking on the Organization > Service Requests.
In the Service Request tab, you can view the Workflow Status or Logs to determine the status of the installation and
troubleshoot problems.
If the deployment tasks is successful, but the Config VSM task fails, then you must resubmit the workflow from the
Config VSM task to complete the installation.
About Adding Hosts to Nexus 1000V DVS
Adding hosts to Nexus 1000V DVS is a complex operation. This section describes the scope of the Add Hosts
wizard and how to translate your intended usage into proper choices.
Adding a host requires the following :
• Specifying a Nexus 1000V DVS and the host that is being added to it.
• Using a port profile editor to view the existing port profiles and to create new port profiles in case the
existing ones are inadequate for your purpose. For an overview of the Cisco Nexus1000V port profiles,
see the http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus1000/sw/5_2_1_s_v_3_1_1/
port_profile/config/b_Cisco_N1KV_VMware_Port_Profile_Config_521SV311.html
• Selecting one or more physical interfaces of the host to migrate to the virtual switch and attaching the
right port profile to each one.
• Establishing a VM kernel NIC for Cisco Nexus1000V control traffic.
• Optionally migrating previously created virtual kernel NICs (vmknics).
• Creating one or more (upto a maximum of four) VM kernel NICs for VXLAN encapsulation. In VXLAN
terminology, these VM Kernel NICs serve the role of VTEPs, which are the VXLAN Tunnel End Points.
• Optionally migrating some or all of the Virtual Machines that may already be present on the host.
Once you name the virtual account for the deployment and select the specifications from the corresponding
drop-down lists, the virtual switch and host specifications get created. Port profiles are an abstraction that
stands for a set of port level network attributes. They come in the following two flavors :
1 Physical port profiles
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
35
Installing Cisco VACS Components
Adding Hosts
These contain attributes relevant to the physical interfaces. You can set up a physical port profile to carry
multiple VLANs. One of these vlans must be designated as the native VLAN. Traffic on the native VLAN
travels on the wire, without 802.1Q encapsulation. A virtual port profile for the purposes of the 'Add Host'
wizard can carry traffic on just one VLAN. For any virtual interface, irrespective of whether it is the
interface of a VM or a VM Kernel NIC, you can associate a particular virtual port profile only if the VLAN
it specifies, has been included in one of the physical port profiles associated with one of the physical
interfaces. The VLAN associated with any virtual interface on a host must be carried on one of the physical
interfaces of that host.
Physical port profiles also specify if the interfaces that they attach to form a logical bundle and if they do,
whether it is a bundle of type '5 tuple hash-based static portchannel' or of type 'MAC Pinning'. For an
understanding of what these interface types are, see the http://www.cisco.com/c/en/us/td/docs/switches/
datacenter/nexus1000/sw/5_2_1_s_v_3_1_1/interfaces/config/
b_Cisco_N1KV_VMware_Interface_Config_521SV311/b_Cisco_Nexus_1000V_Interface_Configuration_
Guide_Release_4_2_1_SV_2_2_1_chapter_0110.html
2 Virtual port profiles
These contain attributes suitable for VMs or VM Kernel NICs. A specially designated virtual Kernel NIC
must be established on each host to exchange management and control signals with the Cisco Nexus1000V
Virtual Supervisor Module (VSM). The simplest way is to specify migrating the pre-existing management
VM Kernel NIC (usually named vmk0). Alternatively you can create a VM Kernel NIC expressly for this
purpose. If you exercise the latter option, make sure that these specifically created VM Kernel NICs
necessarily belong to the same VLAN and have IP addresses in the same subnet as the management
interface of the VSM module. It is not necessary to ensure this when you are simply choosing to use the
management VM Kernel NIC as the control VM Kernel NIC.
You must follow this simple rule for creating VTEP VM Kernel NICs. If the physical interfaces of a host
are not in a MAC pinning mode port channel, a single VTEP NIC suffices. If they are in MAC Pinning
mode, you can create as many VTEP VM Kernel NIcs as the number of physical interfaces being migrated
on that host. Moreover, all VTEP NICs on all hosts in a single virtual switch must be in the same VLAN
and the same subnet.
The Cisco VACS Add Host wizard will try to restrict you to legitimate choices. For instance, it will try to
detect which VLAN is native on each physical interfaces that you want to migrate. It will also try to discover
which VLAN the management VMKernel NIC is on in case you choose to re-use it as the control VM Kernel
NIC. However there are times when these automatic discovery attempts can fail. You must ensure correct
choices for native VLANs of the physical interfaces as well as the VLAN for the control VM Kernel NIC.
Adding Hosts
After a successful installation of the Cisco Virtual Application Container Services license and Cisco Nexus
1000V, you can install Cisco Nexus 1000V Virtual Ethernet Module (VEM) for a VMware ESXserver .
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
36
Installing Cisco VACS Components
Adding Hosts
Note
• The Online Help link provides access to the product documentation corresponding to Adding a
Host.
• Rollback recovery is not supported for the Add Host operation.
• For this release, Cisco VACs allows you to add only one host at a time to the Nexus1000 DVS.
• We recommend that you turn on the CDP on the server ports before starting the Add Host wizard.
Before You Begin
Before beginning the Cisco Nexus 1000V VEM software installation, you must know or do the following:
• The following are the disk and memory usage for the VEM software on an ESX/ESXi host:
• 6.5 MB of disk space
• Maximum of 4 GB of RAM when all Cisco Nexus 1000V features are activated.
Step 1
Step 2
From the Cisco UCS Director menu bar, choose Solutions > VACS Container.
The Cisco VACS management task icons appear.
Click Add Host.
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
37
Installing Cisco VACS Components
Adding Hosts
The Add Host wizard appears.
Figure 6: Add Host Wizard
Step 3
In the Host Location Specification screen, complete the following fields :
Name
Description
Virtual Account drop-down list
Choose the name of the virtual account.
Datacenter drop-down list
Choose the datacenter where the host is present.
Nexus 1000V Switch drop-down list
Choose a Cisco Nexus 1000V DVS to add the hosts.
Host drop-down list
Choose a standalone host or a host from the cluster in the
datacenter, that you want to add to the Nexus1000V DVS.
Step 4
Click Next.
The Port Profle Configuration screen appears.
Step 5
In the Port Profle Configuration screen, review the port profiles that can be used by the physical interfaces (PNIC) or
the virtual interfaces (VNIC).
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
38
Installing Cisco VACS Components
Adding Hosts
Only those port profiles that have Exists?=no can be modified. The port profile with Exists?=yes are those that
are already available on the VSM and cannot be modified. There could be instances wherein this screen will
not display any port profiles.
The Port Profle Configuration screen allows you to create or examine port profiles. These port profiles are applied to
the physical interfaces that you want to add to the virtual switch or to the virtual interfaces of the virtual machines. The
table on the screen displays the previously-created port profiles for examination and also displays some suggested port
profiles that are deemed suitable for this particular host. Only the newly suggested port profiles can be modified. Port
profiles that are being newly created can be deleted from the list if necessary.
Note
After you finish managing the set of port profiles, you will be prompted to apply the port profiles to the physical interfaces
of the host or to virtual machines that are already on the host that you want to migrate to the Cisco Nexus 1000V. Any
newly created port profiles in this list that are not assigned to any interface—physical or virtual—will not be persistent
in the switch.
Before exiting this screen, ensure that suitable port profiles exist for all the physical server ports that you intend to migrate
to the Nexus1000V. If the UI does not pre populate the table with suitable port profiles, you must add them manually.
For Ethernet port profiles, only static port channel and virtual port channel host mode (vPC -HM) is supported.
The list of port profiles is displayed. You can modify or delete the suggested port profiles, or add new port profiles. If
you want to add more port profiles, click + and fill in the following details in the Add Entry to Port Profile screen. If
you want to modify an existing port profile, then select the appropriate port profile and click the edit (pencil) icon which
is located next to + and modify the existing field.
Step 6
In the Add Entry to Port Profile screen, complete the following fields:
Field
Description
Profile Name field
Enter a unique name for the port profile. The valid range
is 2 to 32.
Port Profile Specification
VLANs field
Enter a VLAN list as a comma-separated list of numeric
IDs and numeric ID ranges. For example,
"1,3,5-8,6-9,11,20-30". The valid range is 1 to 3967 and
4048 and 4093.
A port profile with the Physical Interface check box
checked, can and usually carry multiple VLANs in a list.
Port profiles for virtual machines only carry a single
VLAN. Attempting to assign a list to a port profile with
the Physical Interface check box unchecked results in an
error.
Physical Interface check box
Check this check box to indicate that this port profile is
intended for use with the physical interfaces of the host.
Uncheck the check box to indicate that the port profile is
meant for use with one or more virtual interfaces.
By default, this check box is unchecked.
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
39
Installing Cisco VACS Components
Adding Hosts
Field
Description
Native VLAN field
If you check the Use for physical interfaces check box,
you can enter the Native VLAN ID for this port profile.
This field is pre-populated with a value of 1.
The valid range is 1 to 3967 and 4048 and
4093.
Ensure that you provide the correct VLAN for the native
VLAN field. If you don't do so, the addition of a host to
the Nexus 1000V DVS fails.
Note
Channel Group MacPinning check box
Check this check box to enable port–channel of type
Mac–Pinning. If unchecked, all of the interfaces to which
this port profile is applied form a static port channel.
Note
By default, the MacPinning is enabled and the
check box is checked.
Click Submit.
For virtual machine port-profiles, only the VLAN and
Native VLAN fields are displayed. You must choose the
appropriate VLAN configuration.
Repeat the above steps for physical port-profiles. For virtual
machine port-profiles, only the VLAN and Native VLAN
fields are displayed. You must choose the appropriate
VLAN configuration.
Step 7
Click Next on the Port Profile Configuration screen after you have modified or added the required port profiles. .
The Physical NIC Migration Configuration screen appears.
Step 8
In the Physical NIC Migration Configuration screen, you can view all the PNICs present in the host, with a suggested
port-profile mapped to it and the migration to be set to true. .
To edit the Port-profile mapping, migration status, or the container traffic check for an existing PNIC, select the appropriate
PNIC and click the edit (pencil) icon and modify the existing fields.
Attention
It is important that you enable at least one physical NIC to use for container traffic. If you do not enable it,
you cannot proceed with the wizard.]
The Edit Physical NICs Entry screen appears.
Step 9
Step 10
(Optional) In the Edit Physical NICs Entry screen, modify the existing fields, and then click Submit.
Name
Description
Select PNIC to Migrate
Name field
This display-only field shows the interface name.
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
40
Installing Cisco VACS Components
Adding Hosts
Name
Description
Migration check box
Check the check box to enable the migration of the PNIC
to the Cisco Nexus 1000V.
Note
By default, all the PNICs are set to true for that
migration. You can uncheck the check box to not
migrate the PNIC to the Cisco Nexus 1000V.
Port Profile drop-down list
Choose the port profile from the list of available port
profiles that are associated to the physical interfaces.
Use for Container Traffic check box
Check this check box to indicate that the port profile
mapped to the PNIC is data-capable. A data-capable port
profile is applied to those physical interfaces that carry all
of the container traffic. This distinguishes such a port
profile from one that is only applied to physical interfaces
and is intended for other traffic classes, such as vMotion
traffic, host management traffic, and storage traffic. You
can combine all of the traffic classes on the same set of
physical interfaces, in which case those interfaces would
use the port profiles that are marked as data capable.
In every host, there must be exactly one physical port
profile in use that is marked data capable.
Source vSwitch field
This display-only field shows the virtual switch with which
the interface is currently associated.
Repeat this step for the other PNICs that you want to
modify.
Click Submit.
Step 11
In the Physical NIC Migration Configuration screen, click Next.
The Kernel NIC Migration Specification screen appears.
Step 12
In the Kernel NIC Migration Specification screen, complete the following fields:
Each host in a Cisco Nexus 1000V virtual switch must set up a virtual kernel NIC (VMKNIC) to carry the control protocol
between the host software and the VSM. In Cisco Nexus 1000V terminology, this VMKNIC is referred to as the L3
control VMKNIC of the host. This screen enables you to set up and configure the L3 control VMKNIC for the host and
also provides you an option to migrate the existing VMKNICs from the vswitch to Nexus1000V DVS.
Name
Description
Migrate Kernel NICs check box
Check the check box to view the list of all available
VMKNICs.
By default this check box is checked.
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
41
Installing Cisco VACS Components
Adding Hosts
Name
Description
VM Kernel NICS table
Displays the list of all available VMKNICS. You are
allowed to edit the VLAN and the VMKNIC usage
information. This table is displayed when you check the
Migrate Kernel NICs check box.
Note
The VMKNICs whose usage is Management will
be used for L3 control communication between
the host and the VSM. You can have only 1
VMKNIC which can be management (usually the
host management VMKNIC)
An additional VMKNIC can be used for Storage
usage. This configures the iSCSI–multipath feature
on the Cisco Nexus1000V for that VMKNIC.
Important
You must ensure that the VLANs mentioned
in the table are correct for the VMKNIC and
that those VLANs are allowed in the
port-profile that was mapped to the physical
NIC in the Physical NIC Migration
Configuration screen.
Step 13
Step 14
(Optional) If you want to modify the attributes of an existing VMKNIC, then select the appropriate VMKNIC, and then
click the edit (pencil) icon and modify the existing fields.
(Optional) In the Edit VM KNICs Entry screen, modify the existing fields, and then click Submit.
Name
Description
Select VM Kernel to Migrate
Name field
This display-only field shows the VM kernel name.
VLAN drop-down list
Choose a VLAN to use with the L3 control VMKNIC. The
list contains only those VLANS that were added to the
physical port profiles and are mapped to the PNICs in the
earlier screens.
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
42
Installing Cisco VACS Components
Adding Hosts
Name
Description
Usage drop-downl list
Choose the usage of the VMKNIC – management, storage,
or unassigned (blank).
Management usage is automatically added to the
management VMKNIC of the host by Cisco VACS. If it
is not matching the host management VMKNIC, change
the management usage mapping to the right VMKNIC.
If the storage VMKNIC is present, mark the VMKNIC
with usage storage. The iSCSI-mulitpath feature of the
Cisco Nexus 1000V will be added to this VMKNIC.
If the VMKNICs are not used for management or storage,
then leave the usage as unassigned.
You can have only one VMKNIC with
management usage and it has to be the ESX host
management VMKNIC.
Do not change the VMKNIC usage without verifying the
existing VMKNIC configuration and usage on the vswitch.
Note
Click Submit.
Step 15
(Optional) If you want to add new VMKNICs instead of using existing VMKNICs, then uncheck the Migrate Kernel
NICs check box and complete the following fields:
Name
Description
VLAN drop-down list
Choose a VLAN to use with the L3 control vmknic.
Note
This option is available if the Migrate Kernel
NICs check box is not checked.
Enter the IPv4 address for the L3 control VMKNIC.
IPv4 Address
Note
This option is available if theMigrate Kernel
NICs check box is not checked.
Enter the subnet mask IPv4 address .
IPv4 Subnet Mask
Note
This option is available if theMigrate Kernel
NICs check box is not checked.
Step 16
Click Next.
The VXLAN VTEP Interfaces screen appears.
Step 17
In the VXLAN VTEP Interfaces screen, click + to add entries to the list of VXLAN VTEP interfaces list.
VXLAN operation requires that each host have one or more Virtual Tunnel End Points (VTEPs). These are represented
as vmknics. If the host has data-capable physical interfaces configured in a static port channel mode, then a single VTEP
suffices. If the host has one or more physical interfaces configured using the Mac Pinning configuration, then the user
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
43
Installing Cisco VACS Components
Adding Hosts
can accordingly create as many VTEPs as there are physical interfaces in the MAC pinning configuration. Creating fewer
VTEPs results in underutilization of the physical bandwidth that is available to the host.
Name
Description
Add Entry to VTEP Interfaces
IPv4 Address field
Enter the IPv4 address of the VXLAN VTEP.
IPv4 Subnet Mask field
Enter the subnet mask IPv4 address .
VLAN drop-down list
Choose a VLAN that will receive and transmit all VXLAN
encapsulated frames. The list contains only those VLANS
that were added to the physical port profiles and are mapped
to the PNICs in the earlier screens.
Click Submit.
Note
Step 18
Step 19
You can create a maximum of four VXLAN VTEP interfaces to add to the list of interfaces. After you add the
first interface, you have to enter only the new IPV4 address to create additional interfaces. All other information
is shared between the interfaces across all hosts added via Cisco VACS.
If you want to change the VLAN or subnet mask of the VTEPs, then you must select the first VTEP that you
added, click the Edit button at the top of the table, and then change the fields. All of the VTEPS in the table
will be changed.
Attention
You must choose a sufficiently large IP subnet as all the VTEPs of all the hosts added to a single Nexus1000V
DVS will belong to the same subnet. This cannot be edited in the UI and the add host process will not
proceed further if the IP addresses of the provided subnet are completely utilized.
Click Next.
In the VM Migration Configuration screen, select the VM NIC to migrate and click Next. If you want to edit an entry,
click the Pencil icon and complete the following tasks in the Edit VM NICs to Migrate screen:
Field
Description
Select a VM to Migrate
Name field
This display-only field shows the name of virtual machine
that is being migrated.
Migration check box
The checkbox is unchecked by default. Check the check
box to migrate the virtual machine to the Cisco Nexus
1000V DVS.
Port Profile drop-down list
Choose the port profile for the virtual machine to migrate.
Only the virtual port profiles that were displayed or created
in the Port Profile Configuration screen are listed in this
drop-down list.
Source vSwitch field
This display-only field shows the virtual switch with which
the virtual machine is currently associated.
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
44
Installing Cisco VACS Components
Adding Hosts
Field
Description
Click Submit.
If there are only fresh hosts, this list is empty. This list will be populated with VMs only when a host is previously
used and it has VMs that you want to migrate.
Click Next.
In the Add Host Summary Information screen, verify the details of the host added. If the details are correct, click
Submit. Otherwise, click Back to go back to a previous steps and modify the details.
After clicking Submit, a pop-up window appears that shows a service request number that can be used to track the
progress of the Workflow, as described in the next step.
Note
Step 20
Step 21
Step 22
You can view the progress of adding hosts, by clicking on the Organization > Service Requests. In the Service Request
tab, you can view the Workflow Status or Logs to determine the status of the installation and troubleshoot problems.
Note
Re-submission of Add-host is not recommended. If there are errors, navigate to the Add-Host UI and Submit
the form again. Note that, the port-profiles suggested in the 2nd screen will now have changed, so choose/edit
them appropriately.
If the host addition fails, you can manually remove the partial or an unsuccessful host addition. To manually remove the
hosts added, see the Removing the Hosts Manually, on page 54.
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
45
Installing Cisco VACS Components
Adding Hosts
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
46
CHAPTER
6
Upgrading Cisco VACS
This chapter contains the following sections:
• About Upgrading Cisco VACS, page 47
• Guidelines and Limitations, page 47
• Prerequisites for Upgrading the Cisco VACS, page 47
• Upgrading Cisco VACS, page 48
• Verifying the Cisco VACS Upgrade Process, page 49
About Upgrading Cisco VACS
You can upgrade Cisco Virtual Application Container Services Cisco VACS from Release 5.1STV1.0 to
Release 5.2STV1.1 by applying the Cisco VACS patch to the Cisco UCS Director.
The upgrade process is not revocable. After the software is upgraded, you cannot downgrade the software to
the previous release.
Guidelines and Limitations
Upgrading the Cisco VACS has the following guidelines and limitations:
• Although upgrading UCS Director Release 5.1 and Cisco VACS Release 5.1STV1.0 to Cisco VACS
Release 5.2STV1.1 is supported, it is not the recommended method.
Prerequisites for Upgrading the Cisco VACS
Upgrading the Cisco VACS has the following prerequisites:
• You have installed Cisco UCS Director Release 5.2 or Release 5.2 based patch release, for example
Release 5.2.0.1
• The setup meets the system requirements with respect to the memory, disk size, and so on.
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
47
Upgrading Cisco VACS
Upgrading Cisco VACS
• You have administrator privileges to install Cisco VACS and the components.
Upgrading Cisco VACS
To upgrade Cisco VACS Release 5.1STV1.0 to Release 5.2STV1.1, you must apply the Cisco VACS patch
to the Cisco UCS Director.
Before You Begin
• Download the Cisco VACS patch from http://www.cisco.com. This patch file is a signed zip file with
the following format: VACS-5_2_STV_1_1-pkg.zip..
• Unzip the zip file and place the software in the FTP or HTTP server that you plan to use to install the
Cisco VACS patch.
• If NFS mount is used for application storage, disable it before you apply a patch. If you do not, the
upgrade will fail.
Note
1 We recommend that you take a snapshot of the VM before you begin the upgrade. If you do this, you
do not need to back up the existing configuration database through an FTP server.
2 The VACS-5_2_STV_1_1.zip file can only be applied to the UCS Director Releases 5.1 and 5.2. If
you try to apply this patch file on any other UCS Director releases, the upgrade process errors out.
3 If you want to upgrade Cisco UCS Director Release 5.1 and Cisco VACS Release 1.0 to Cisco UCS
Director Release 5.2 (or Release 5.2 patch) and Cisco VACS Release 1.1, then the recommended
upgrade path is as follows: Cisco UCS Director Release 5.1 + Cisco VACS Release 1.0 > Upgrade to
Cisco UCS Director Release 5.2 (or Release 5.2 patch) > Upgrade Cisco VACS Release 1.1
Step 1
Step 2
Step 3
Start your current version of Cisco UCS Director.
Log in to the SSH application using the Shell admin credentials and proceed to the Cisco UCS Director Shell Menu, and
enter the appropriate numbers from this menu.
In the shelladmin, choose Stop services to stop all services.
Step 4
To verify that all services are stopped, choose Display services status.
Step 5
(Optional) If desired, you can choose Backup database to back up the Cisco UCS Director database.
You do not need to back up the database if you took a snapshot of the VM before you started.
Step 6
To apply the Cisco VACS patch, choose Apply patch.
Step 7
When prompted, enter the location of the Cisco VACS patch.
ftp://username:password@hostname|IP_address/software_location_and_name or http://http server
name|IP_address/software_location_and_name.
Note
In this procedure, we are using the FTP option to install the Cisco VACS
patch.
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
48
Upgrading Cisco VACS
Verifying the Cisco VACS Upgrade Process
Step 8
Step 9
Wait for the download and installation to complete.
When prompted, choose Start services to start services and complete the installation process.
Upon a successful VACS patch installation (or an upgrade), you see the following options on the screen:
vacs_pre_install_1.1.sh Begin .....
vacs_pre_install_1.1.sh End
vacs_post_install_1.1.sh Begin .....
vacs_post_install_1.1.sh End
Completed installing package 0
Note
Step 10
Step 11
After you apply the Cisco VACS patch and complete that installation, choose the Start Services option of
ShellAdmin to start/restart the Cisco UCS Director services and complete the patch process. The patch process
is not complete or successful until the Cisco UCS Director services have started, Cisco UCS Director is available,
the login screen is displayed, and the admin user can log in to Cisco UCS Director.
All Cisco UCS Director services must be started before you attempt to perform other shelladmin procedures,
such as apply additional patches, take a database backup, or restore a database from a backup.
Log in to the Cisco UCS Director through the web browser (with the admin credentials), and choose Solutions > VACS
Container.
The Cisco VACS solution task icons appear.
Re-submit all existing templates to synchronize them with the updated version of Cisco VACS.
Verifying the Cisco VACS Upgrade Process
You can verify the Cisco VACS upgrade using any one of the following methods:
1 Log in to the Cisco UCS Director through the web browser (with the admin credentials), and choose
Solutions > VACS Container. You can view the Cisco VACS solution task icons.
2 Log in to the Cisco UCS Director through the web browser (with the admin credentials), and choose
Solutions > VACS Container > About VACS. You can view the installed version of Cisco UCS Director.
3 Verifying the availability of the Cisco Nexus 1000V, PNSC, VSG, and CSR OVF files in the Cisco UCS
Director—To verify if the OVF files exist in the Cisco UCS Director, from the Cisco UCS Director menu
bar, choose Administration > Integration > User OVF Management.
The User OVF Management window displays the list of Cisco UCS Director related OVA files.
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
49
Upgrading Cisco VACS
Verifying the Cisco VACS Upgrade Process
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
50
CHAPTER
7
Troubleshooting Installation Issues
This chapter contains the following sections.
• Troubleshooting Cisco Virtual Switch Update Manager Installation Issues, page 51
• Troubleshooting Cisco Nexus 1000V VSM Installation Issues, page 52
• Troubleshooting Cisco PNSC Installation Issues, page 52
• Troubleshooting Adding Hosts Issues, page 54
• Troubleshooting CSR 1000V Installation Issues, page 55
• Deleting a Database Entry From UCS Director Database Table, page 56
• Error Messages, page 57
Troubleshooting Cisco Virtual Switch Update Manager
Installation Issues
Removing a Cisco Virtual Switch Update Manager Installation Manually
Use the following procedure to manually remove Cisco Virtual Switch Update Manager while installing the
Cisco Nexus 1000V for Cisco VACS.
Step 1
Delete the database entry for the respective <vsum-vm-name> from the UCSD (Cisco UCS Director) table
‘STINGRAY_AJAX_DATA’.
Delete the <vsum-vm>. For detailed instructions about deleting a database entry, see Deleting a Database Entry From
UCS Director Database Table, on page 56.
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
51
Troubleshooting Installation Issues
Troubleshooting Cisco Nexus 1000V VSM Installation Issues
Step 2
Step 3
Step 4
Delete the extension - 'com.cisco.n1kv.headless' from the vCenter Server MOB from https://<vcenter-server-ip>/mob
and click Content > Extension Manager.
Click UnregisterExtension and add the Extension key Value = com.cisco.n1kv.headless.
Power off the <vsum-VM> from the vSphere Client and delete it.
Troubleshooting Cisco Nexus 1000V VSM Installation Issues
Removing the Cisco Nexus 1000V VSM Manually
Use the following procedure to manually remove a Cisco Nexus 1000V VSM.
Step 1
From the Cisco Nexus 1000V console, execute the following commands:
n1k-dvs-name# configure terminal
n1k-dvs-name(config)#svs connection vCenter
n1k-dvs-name(config-svs-conn)#no vmware dvs
This will remove the DVS from the vCenter Server and any associated port-groups. Do you really want
to proceed(yes/no)? [yes] yes
n1k-dvs-name(config-svs-conn)#no connect
n1k-dvs-name(config-svs-conn)#end
n1k-dvs-name#copy running-config startup-config (optional)
Step 2
Step 3
Power off the primary and secondary VSM VMs from the vSphere Client and delete both the VMs.
Delete the database entry for the respective <Nexus1000V-dvs-name> from the Cisco UCSD table
STINGRAY_AJAX_DATA.
To delete the database entry, see Deleting a Database Entry From UCS Director Database Table, on page 56.
Step 4
Select the entry for the respective <Nexus1000V dvs> from Cisco UCS Director UI from Administration > Physical
Account > Manage Network Elements and click Delete Nework Element.
Troubleshooting Cisco PNSC Installation Issues
Removing a PNSC Installation Manually
You can manually remove an unsuccessful or a failed PNSC installation using the following steps.
Step 1
Delete the database entry for the <pnsc-vm-name> you want to delete, from the UCSD table STINGRAY_AJAX_DATA.
To delete the database entry from the UCS Director database table, see Deleting a Database Entry From UCS Director
Database Table, on page 56.
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
52
Troubleshooting Installation Issues
Problems with Installing Cisco Prime Network Services Controller
Step 2
Step 3
Step 4
From the UCS Director UI, delete the entry for the respective <pnsc-name> from Administration > Physical Account
> Multi Domain Managers.
Select the particular PNSC entry that you want to delete from the table and click Delete.
Power off the PNSC-VM from the vSphere Client and delete the VM.
Problems with Installing Cisco Prime Network Services Controller
This section includes symptoms, possible causes, and solutions for the following problems while you install
Cisco Prime Network Services Controller (PNSC).
Symptom
Possible Causes
Verification and Solution
The PNSC installation workflow
fails with the following
error:java.net.UnknownHostException
:< hostname_of_the_server
>,selectedContext=< None >
This occurs when the hosts
are added to the VC via the
host names and the SNS
settings on the UCS
Director is incorrect. The
reachability to the host and
the PNSC OVA
deployment fails when
either the DNS server is
wrong, or when the DNS
server is not listed as the
first one in the UCS
Director.
You must verify that the DNS server IP
address is valid and the DNS server is listed
as the first. If not, change the order of the
DNS server in such a way, that the preferred
DNS server is always listed as the first in
the list.
To change the order or view the DNS IP
address, do the following:
1 Log into UCS Director.
2 navigate to Administration > Guided
Setup > Initial System Configuration
> Launch.
3 Skip all the steps until the DNS Server
appears. Edit the order of the DNS server
list or add the right DNS servers.
4 Skip the remaining steps and click
Submit. You can relaunch the PNSC
installation for a successful deployment.
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
53
Troubleshooting Installation Issues
Troubleshooting Adding Hosts Issues
Troubleshooting Adding Hosts Issues
Removing the Hosts Manually
Use the following procedure to manually remove the hosts added to the Cisco Nexus 1000V distributed virtual
switch (DVS).
Step 1
If not already added, add a physical NIC or VMNIC to the vSphere Standard Switch and navigate to vSphere Standard
Switch.
Attention
This step is applicable only if one physical NIC or VMNIC is migrated to the N1KV DVS. If more than a
physical NIC or VMNIC is migrated to the Cisco Nexus 1000V DVS, then skip to Step 3.
Step 2
Step 3
Select the Physical NIC or VMNIC from Properties > Network Adapters > Add.
Migrate the VMKNIC back to the vSwitch.
Note
You must select the appropriate VLAN ID that facilitates management connectivity.
Step 4
In the vSphere Distributed Switch, navigate to Manage Virtual Adapters and select the management VMKNICs and
click Migrate. Choose the appropriate vSphere Standard Switch and the port-group that facilitates management
connectivity, and proceed with the migration.
Repeat this step for all relevant and necessary VMKNICs.
Step 5
To remove newly created Layer 3 control (Nexus 1000V control) VMKNIC and the VTEP VMKNICs, navigate to the
Manage Virtual Adapters in the vSphere Distributed switch and select the appropriate virtual adapter and click Remove.
To move all virtual machines from Cisco Nexus 1000V to vSwitch, select the VM and navigate to Edit Settings and
change the network adapter's port group mapping to a port-group on the VMware Standard vSwitch.
To remove the host from the distributed virtual switch, perform the following steps:
a) In the Networking sub menu, select the Nexus 1000V DVS from the left panel.
b) From the Hosts tab on the right panel, select the particular host to be deleted.
c) Right click and select Remove from the vSphere Distributed Switch.
Note
These steps ensure that all the PNICs associated with the DVS are removed and are made available.
Step 6
Step 7
Step 8
To remove the VIB from the host, move the host to maintenance mode and SSH to the host and execute the following
command : esxcli software vib remove -n cisco-vem-v170-esx
Step 9
To clean up the VTEP entries for the host from the UCS Director database, perform the following steps:
a) Log on to Cisco UCS Director as root user and enter mysql --user=admin --password=<ucsd db password>
<db-name> to access the UCS Director database.
b) Use the following syntax to remove the VTEP entries for the host that was removed:
DELETE from STINGRAY_VTEPS_PER_HOST where HOSTIP="<VEM-HOSTIP>";
e.g.
DELETE from STINGRAY_VTEPS_PER_HOST where HOSTIP="10.10.10.1";
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
54
Troubleshooting Installation Issues
Problems with Adding Hosts
Problems with Adding Hosts
This section includes symptoms, possible causes, and solutions for the following problems while you add
hosts.
Symptom
Possible Causes
When you manually add a port
profile, sometimes you get an
error message.
Verification and Solution
You must verify that the DNS server IP
address is valid and the DNS server is listed
as the first. If not, change the order of the
DNS server in such a way, that the preferred
DNS server is always listed as the first in
the list.
To change the order or view the DNS IP
address, do the following:
1 Create a port group on the vSwitch. The
name of this port group must be
Management Network.
2 In the UCS Director, navigate to Virtual
> Compute > Your VC Account >
Polling > Request Inventory
Collection.
After the inventory is completed, the port
profile is available in the Port Profile
Configuration screen.
The add host operation fails when
you add a host that has a
VMWare DVS installed on it.
Either remove the VMWare DVS from that
host or use another host that does not have
the VMWare DVS installed on it.
Troubleshooting CSR 1000V Installation Issues
Applying the CSR 1000V License Manually
Use the following procedure to manually apply the CSR 1000V license.
Step 1
Log in to the CSR1000V using the SSH application.
The login credentials are available in the container report. For more information, see Viewing Reports.
Step 2
Execute the following commands:
# config terminal
# call-home
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
55
Troubleshooting Installation Issues
Deleting a Database Entry From UCS Director Database Table
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
Step 3
profile “CiscoTAC-1”
active
anonymous-reporting-only
destination transport-method http
no destination transport-method email
exit
service call-home
license smart enable
license boot level lite
ip domain lookup
ip name-server <yourDNS-IP>
platform hardware lite license enable
exit
write
reload
After the CSR 1000V is online, log in to the CSR 1000V using the SSH application, and execute the following command:
# license smart register idtoken <your-CSR-token-id>
Step 4
After one to three minutes, the CSR 1000V is licensed.
To verify that the CSR 1000V is licensed, from the Cisco UCS Director menu bar, choose Virtual > Network. The
VACS:CSR Licenses screen that appears displays the CSR 1000V license details.
Deleting a Database Entry From UCS Director Database Table
Step 1
Log on to Cisco UCS Director as root user and enter mysql --user=admin --password=<ucsd db password> <db-name>
to access the UCS Director database.
example:
mysql --user=admin --password=cloupia db_private_admin
Step 2
Enter the following SQL query to delete a database entry from the UCS Director database table:
DELETE FROM <table_name>
WHERE <some_column>=<some_value>;
example:
DELETE FROM STINGRAY_AJAX_DATA
WHERE VMNAME = ’vsum_vm’;
Step 3
Enter the following SQL query to examine the entries in the table before or after the deletion:
SELECT ALL <comumn_name> FROM <table_name>;
Example:
SELECT ALL VMNAME FROM STINGRAY_AJAX_DATA;
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
56
Troubleshooting Installation Issues
Error Messages
Error Messages
This section describes the errors that may be encountered when working with the Add Host operation in the
Cisco VACS and the corresponding solutions to these errors.
Error Message
Cause/Resolution
vm_kernel_IP_in_use VSUM Error Message : null
Change the VMKNIC IP (L3 or vteps) and submit
the Add-host operation.
virtualNIC_dendency_on_PNIC, VSUM Error
Message : null
There was a VM template using VM network pg on
that vSwitch. When you try to migrate the pnic
mapped to vswitch to dvs, VSUM(Nexus1000V
installer) throws an error.
Vlans_not_backed, VSUM Error Message : null
If VLANs of existing vmknics/new L3 control
vmknic/Vteps/VMs are not present in the uplink
port-profile chosen for the pnics.
VSM_operation error, VSUM Error Message : nul
Some of the configuration commands have failed on
the Nexus 1000V . Log in to Nexus 1000V and check
the accounting log. The show accounting log will
show some commands as 'FAILURE'.
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
57
Troubleshooting Installation Issues
Error Messages
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
58
CHAPTER
8
FAQs
This chapter contains the following sections.
• Cisco VACS Installation FAQs, page 59
• Cisco VACS Licensing FAQs, page 62
Cisco VACS Installation FAQs
• General Installation
General Installation
Q. I have an existing Cisco Nexus 1000V in my datacenter. Do I still need to install Cisco Nexus 1000V for
Cisco VACS?
A. Yes, you have to install Cisco Nexus 1000V for Cisco VACS using the Cisco VACS solution UI in Cisco
UCS Director.
Q. I have an existing Cisco Prime Network Services Controller (PNSC), Cisco Nexus 1000V and Cisco VSUM
in my datacenter. Can I reuse them ?
A. No, you cannot reuse the Cisco VACS components. You have to install the components using the Cisco
VACS solution UI in Cisco UCS Director.
Q. Can I install the Cisco VACS solution on Cisco UCS Director 4.x and earlier versions?
A. No. The Cisco VACS solution requires Cisco UCS Director version 5.1 or later.
Q. Can I migrate the existing Virtual Machines (VM) to the Cisco Nexus 1000V installed by Cisco VACS ?
A. Yes, but you cannot use them as part of a Cisco VACS container. However, you can create a VM template
of an existing VM and use the same in the Cisco VACS containers.
Q. Do I need to follow a specific sequence for installing the Cisco VACS infrastructure components?
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
59
FAQs
Cisco VACS Installation FAQs
A. Yes. Install the Cisco VACS sequence in the following order :
1 Install PNSC
2 Install Cisco Nexus 1000V
3 Add Host
Q. Are there any recommendations for a PNSC host name/ Admin Password / Shared Secret ?
A. Yes. The recommendations are as follows:
Name
Recommendation
PNSC Host Name
The host name must include minimum two
characters and must follow the RFC 952 standard.
As per this standard, the host name can contain only
the following characters:
• ASCII letters "a" through "z" in a
case-insensitive manner
• Numerics from "0" to "9"
• Hyphen ("-")
Note
The host name must not start with a
numeric or with a hyphen and must not end
with a hyphen.
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
60
FAQs
Cisco VACS Installation FAQs
Admin Password
The admin password validation must meet the below
conditions:
• Contains a minimum of eight characters.
• Contains at least three of the following:
1 Lowercase letters
2 Uppercase letter
3 Digits
4 Special characters
• Does not contain a character that is repeated
more than three times consecutively. For
example, aaabbb.
• Is not the user name or the reverse of the user
name.
• Passes a password dictionary check. The
password must not be based on a standard
dictionary word. PNSC uses the standard
Linux open source PAM module.
• Does not contain the following symbols: dollar
sign ($), question mark (?), equals sign (=).
• The password must not be blank for a local
user and the admin accounts.
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
61
FAQs
Cisco VACS Licensing FAQs
Shared Secret
The shared secret password must contain the strong
password characteristics such as the following:
• At least eight characters.
• Lowercase letters, uppercase letters, digits,
and special characters.
• Does not include characters such as:
1 Consecutive alphanumeric characters, such
as abcd or 1234.
2 Characters repeated three or more times,
such as aaabbb.
3 A variation of the word Cisco , such as
cisco , ocsic , or one that changes the
capitalization of letters in the word Cisco.
4 The username, or the username in reverse.
5 A permutation of characters present in the
username or Cisco.
• Characters such as, &, ' " `, ( ), < >, |, \, ;, $, ?,
and spaces.
Cisco VACS Licensing FAQs
Q. How do I obtain a Cloud Services Router (CSR) 1000V license token?
A. If you already have a Cisco VACS production license, you will be provided with a smart account with
CSR licenses. You should login to this CSR account and generate a smart token, which will be used to
register with Cisco UCS Director.
Q. How many CSR License are provided for a single Cisco VACS license?
A. Each Cisco VACS license is provided with 10 CSR licenses.
Q. Are CSR licenses provided with Cisco VACS evaluation licenses ?
A. No, but CSR comes with default licenses for a 60 days trial period.
Q. Does Cisco VACS automatically license CSR evaluation licenses when Cisco VACS permanent licenses
are installed ?
A. No. You must manually apply the CSR license for the existing containers which have been deployed with
the EVAL license.
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
62
FAQs
Cisco VACS Licensing FAQs
Q. Can I install Cisco VACS licenses on Cisco Nexus 1000V?
A. No, you cannot install Cisco VACS licenses on Cisco Nexus 1000V. Only Cisco VACS can install the
Cisco Nexus 1000V licenses for Cisco VACS.
Q. How many workload VMs and containers are allowed per Cisco VACS license?
A. There is no limit on how many workload VMs you can add to a Container, but the number of VMs on a
server is limited by the Cisco UCS Director server licenses installed.
Q. How many workload VMs are allowed per container?
A. There is no technical limit on the number of workload VMs permitted per Cisco VACS container.
Q. How do I add additional Cisco VACS licenses to my existing license?
A. You can buy new Cisco VACS licenses from the Cisco Technical Assistance Center (TAC) and install
them in Cisco UCS Director. For detailed information about installing Cisco UCS Director, see Installing
the CSR 1000V License, on page 17 and Updating the Cisco UCS Director License, on page 15.
Q. When Cisco VACS Containers are deleted, if CSR licenses are not released. What is the process to release
the CSR licenses used by the deletedCisco VACS Containers ?
A. You must log in to the Cisco VACS CSR Smart account and release the CSR licenses consumed by the
deleted Cisco VACS Containers.
Q. Can I use evaluation licenses with UCSD Production licenses?
A. No, Cisco VACS evaluation licenses can be used only with Cisco UCS Director evaluation licenses.
Q. Can fenced containers and Cisco VACS co-exist with a Cisco VACS license?
A. Yes, they can.
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
63
FAQs
Cisco VACS Licensing FAQs
Cisco Virtual Application Container Services Installation and Upgrade Guide, Release 5.2STV1.1
64